
Lazarus Group

aka: APT 38, APT-C-26, APT38, ATK117, ATK3, Andariel, Appleworm, Bluenoroff, Bureau 121, COPERNICIUM, COVELLITE, Citrine Sleet, DEV-0139, DEV-1222, Dark Seoul, Diamond Sleet, G0032, G0082, Genie Spider, Group 77, Hastati Group, Hidden Cobra, Labyrinth Chollima, Lazarus, Lazarus group, NICKEL GLADSTONE, NewRomanic Cyber Army Team, Nickel Academy, Operation AppleJeus, Operation DarkSeoul, Operation GhostSecret, Operation Troy, Sapphire Sleet, Stardust Chollima, Subgroup: Bluenoroff, TA404, Unit 121, Whois Hacking Team, ZINC, Zinc

Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Duuzer, and Hangman.

Associated Families
win.unidentified_101 win.unidentified_090 aix.fastcash apk.badcall apk.hardrain js.quickcafe osx.3cx_backdoor osx.casso osx.dacls osx.manuscrypt osx.watchcat osx.yort php.redhat_hacker ps1.powerbrace ps1.powerspritz win.blindtoad win.buffetline win.cleantoad win.klackring win.power_ratankba osx.interception osx.unidentified_001 win.darkcomet win.srdi win.dacls osx.kandykorn osx.sugarloader osx.hloader osx.applejeus win.alphanc win.alreay win.anchormtea win.applejeus win.artfulpie win.bankshot win.banpolmex win.bistromath win.bitsran win.bluenoroff win.bookcodesrat win.bootwreck win.brambul win.bravonc win.cheesetray win.comebacker win.contopee win.coredn win.crat win.cur1_downloader win.deltas win.dtrack win.duuzer win.dyepack win.electricfish win.feed_load win.fuwuqidrama win.ghost_rat win.ghost_secret win.gopuram win.hardrain win.hermes win.hoplight win.hotcroissant win.hotwax win.httpsuploader win.interception win.jessiecontea win.joanap win.keymarble win.lazarloader win.lazarus_killdisk win.lcpdot win.lpeclient win.magic_rat win.nachocheese win.neddnloader win.nestegg win.op_blockbuster win.phandoor win.pslogger win.ratankba win.ratankbapos win.redshawl win.rifdoor win.roll_sling win.romeos win.scout win.sierras win.slickshoes win.torisma win.touchmove win.unidentified_042 win.unidentified_077 win.veiledsignal win.volgmer win.vsingle win.vyveva win.wannacryptor win.winordll64 win.wormhole win.minitypeframe win.racket win.rustbucket elf.badcall win.badcall win.iconic_stealer osx.poolrat win.3cx_backdoor win.blindingcan win.dratzarus win.forest_tiger win.imprudentcook win.lambload win.lightlesscan win.miniblindingcan win.postnaptea win.snatchcrypto win.webbytea win.wininetloader osx.simpletea win.typeframe win.cloudburst win.lazardoor win.wagenttea osx.rustbucket win.fudmodule elf.simpletea osx.spectral_blur elf.spectral_blur

References
Each entry: date, source (authors): title [families referenced]

2024-02-28 Avast Decoded (Jan Vojtěšek): Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day [FudModule]
2024-01-05 Twitter (@greglesnewich) (Greg Lesnewich): Tweets about a SpectralBlur macOS sample [SpectralBlur]
2024-01-05 Twitter (@X__Junior) (Mohamed Ashraf): Tweet about a SpectralBlur Linux sample [SpectralBlur]
2023-12-05 Kaspersky Labs (Sergey Puzan): BlueNoroff: new Trojan attacking macOS users [RustBucket]
2023-11-22 Microsoft (Microsoft Threat Intelligence): Diamond Sleet supply chain compromise distributes a modified CyberLink installer [LambLoad]
2023-11-20 PWC (Sveva Vittoria Scenarelli): King of Thieves: Black Alicanto and the Ecosystem of North Korea-Based Cyber Operations [RustBucket CageyChameleon RustBucket]
2023-11-10 HAURI (HAURI): Detailed analysis report: Malware disguised as Putty (Lazarus APT) [ComeBacker]
2023-10-31 Elastic (Andrew Pease, Colson Wilhoit, Ricardo Ungureanu, Seth Goodwin): Elastic catches DPRK passing out KANDYKORN [HLOADER KANDYKORN SUGARLOADER]
2023-10-27 Kaspersky (Seongsu Park): A cascade of compromise: unveiling Lazarus’ new campaign [LPEClient PostNapTea]
2023-10-26 ESET Research (ESET Research): ESET APT Activity Report Q2–Q3 2023 [SimpleTea]
2023-10-18 Microsoft (Microsoft Threat Intelligence): Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability [FeedLoad ForestTiger HazyLoad RollSling Silent Chollima]
2023-10-18 Kaspersky Labs (GReAT, Kaspersky Lab ICS CERT): Updated MATA attacks industrial companies in Eastern Europe [Dacls Unidentified 106]
2023-10-17 AhnLab (ASEC Analysis Team): Lazarus Group’s Operation Dream Magic [LazarDoor wAgentTea]
2023-10-13 AhnLab (ASEC Analysis Team): Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware [JessieConTea Scout Volgmer]
2023-10-04 Virus Bulletin (Peter Kálnai): Lazarus Campaigns and Backdoors in 2022-23 [SimpleTea POOLRAT 3CX Backdoor BLINDINGCAN CLOUDBURST DRATzarus ForestTiger ImprudentCook LambLoad LightlessCan miniBlindingCan PostNapTea SnatchCrypto wAgentTea WebbyTea WinInetLoader]
2023-09-29 ESET Research (Peter Kálnai): Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company [CLOUDBURST LightlessCan miniBlindingCan sRDI]
2023-09-27 Positive Technologies (Denis Kuvshinov, Maxim Andreev): Dark River. You can't see them, but they're there [Dacls Unidentified 106]
2023-09-22 Mandiant (Dan Black, Josh Atkins, Luke Jenkins): Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations [Brute Ratel C4 Cobalt Strike EnvyScout GraphDrop QUARTERRIG sRDI Unidentified 107 (APT29)]
2023-08-31 AhnLab (Sanseo): Analysis of Andariel’s New Attack Activities [Andardoor BlackRemote Tiger RAT Volgmer]
2023-08-30 Kaspersky Labs (David Emm): IT threat evolution in Q2 2023 [3CX Backdoor Bankshot BLINDINGCAN GoldMax Kazuar QUIETCANARY tomiris GoldenJackal]
2023-08-22 AhnLab (ASEC Analysis Team): Analyzing the new attack activity of the Andariel group [Andardoor MimiKatz QuiteRAT Tiger RAT Volgmer]
2023-07-05 SentinelOne (Phil Stokes): BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection [RustBucket]
2023-06-29 Elastic (Andrew Pease, Colson Wilhoit, Ricardo Ungureanu, Salim Bitam, Seth Goodwin): The DPRK strikes using a new variant of RUSTBUCKET [RustBucket]
2023-06-08 AhnLab (ASEC Analysis Team): Lazarus Group exploiting vulnerabilities in domestic financial security solutions [LazarDoor LazarLoader]
2023-05-25 YouTube (BSidesCharm) (Asheer Malhotra): it’s all Magic(RAT) – A look into recent North Korean nation-state attacks [MagicRAT VSingle YamaBot]
2023-05-22 Sekoia (Charles M., Jamila B., Kilian Seznec): Bluenoroff’s RustBucket campaign [RustBucket WebbyTea]
2023-05-01 JPCERT/CC (Shusei Tomonaga): Attack trends related to the attack campaign DangerousPassword [RustBucket CageyChameleon Cur1Downloader SnatchCrypto]
2023-04-24 Cofense (Austin Jones): Open-Source Gh0st RAT Still Haunting Inboxes 15 Years After Release [Ghost RAT]
2023-04-21 Jamf Blog (Ferdous Saljooki, Jaron Bradley): BlueNoroff APT group targets macOS with ‘RustBucket’ Malware [RustBucket]
2023-04-21 Symantec (Threat Hunter Team): X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe [VEILEDSIGNAL]
2023-04-20 3CX (Agathocles Prodromou): Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found [POOLRAT]
2023-04-20 Mandiant (Adrian Sanchez, Daniel Scott, Dimiter Andonov, Fred Plan, Jake Nicastro, Jeff Johnson, Marius Fodoreanu, Renato Fontana): 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible [POOLRAT IconicStealer UNC4736]
2023-04-20 ESET Research (Marc-Etienne M. Léveillé, Peter Kálnai): Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack [BADCALL SimpleTea POOLRAT 3CX Backdoor BADCALL IconicStealer]
2023-04-18 Mandiant (Mandiant): M-Trends 2023 [QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate]
2023-04-13 Intel 471 (Jorge Rodriguez, Souhail Hammou): From GhostNet to PseudoManuscrypt - The evolution of Gh0st RAT [BBSRAT Gh0stTimes Ghost RAT PseudoManuscrypt]
2023-04-12 Kaspersky Labs (Seongsu Park): Following the Lazarus group by tracking DeathNote campaign [Bankshot BLINDINGCAN ForestTiger LambLoad LPEClient MimiKatz NedDnLoader Racket Downloader Volgmer]
2023-04-03 Twitter (@kucher1n) (Georgy Kucherin): Tweet on an alternative Gopuram sample [Gopuram]
2023-04-03 YouTube (MalwareAnalysisForHedgehogs) (Karsten Hahn): Malware Analysis - 3CX SmoothOperator ffmpeg.dll with Binary Ninja [3CX Backdoor]
2023-04-03 Kaspersky Labs (Georgy Kucherin): Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack [Gopuram]
2023-04-01 Github (dodo-sec) (dodo-sec): SmoothOperator [3CX Backdoor]
2023-04-01 Objective-See (Patrick Wardle): Ironing out (the macOS) details of a Smooth Operator (Part II) [3CX Backdoor]
2023-03-31 Splunk (Splunk Threat Research Team): Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise [3CX Backdoor]
2023-03-31 Cyble (Cyble): A Comprehensive Analysis of the 3CX Attack [3CX Backdoor]
2023-03-31 Reversing Labs (Karlo Zanki): Red flags flew over software supply chain-compromised 3CX update [3CX Backdoor]
2023-03-31 Blackberry (The BlackBerry Research & Intelligence Team): Initial Implants and Network Analysis Suggest the 3CX Supply Chain Operation Goes Back to Fall 2022 [3CX Backdoor]
2023-03-31 Zscaler (Meghraj Nandanwar, Niraj Shivtarkar, Rohit Hegde): 3CX Supply Chain Attack Campaign Campaign Analysis [3CX Backdoor]
2023-03-31 Group-IB (Group-IB): 36gate: supply chain attack [3CX Backdoor]
2023-03-31 VMware (Threat Analysis Unit): Investigating 3CX Desktop Application Attacks: What You Need to Know [3CX Backdoor]
2023-03-30 OALabs (Sergei Frankoff): 3CX Supply Chain Attack [3CX Backdoor]
2023-03-30 Trend Micro (Trend Micro Research): Developing Story: Information on Attacks Involving 3CX Desktop App [3CX Backdoor IconicStealer]
2023-03-30 Fortiguard (FortiGuard Labs): 3CX Desktop App Compromised (CVE-2023-29059) [3CX Backdoor]
2023-03-30 CrowdStrike (CS ENGINEER): 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers [3CX Backdoor]
2023-03-30 Cado Security (Cado Security): Forensic Triage of a Windows System running the Backdoored 3CX Desktop App [3CX Backdoor]
2023-03-30 Volexity (Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagnères, Steven Adair, Thomas Lancaster): 3CX Supply Chain Compromise Leads to ICONIC Incident [3CX Backdoor IconicStealer]
2023-03-30 Elastic (Daniel Stepanic, Devon Kerr, Joe Desimone, Remco Sprooten, Samir Bousseaden): Elastic users protected from SUDDENICON’s supply chain attack [3CX Backdoor]
2023-03-30 Rapid7 Labs (Rapid7): Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign [3CX Backdoor]
2023-03-30 Huntress Labs (John Hammond): 3CX VoIP Software Compromise & Supply Chain Threats [3CX Backdoor]
2023-03-30 Symantec (Threat Hunter Team): 3CX: Supply Chain Attack Affects Thousands of Users Worldwide [3CX Backdoor IconicStealer]
2023-03-29 SentinelOne (Juan Andrés Guerrero-Saade): SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack [3CX Backdoor]
2023-03-29 Objective-See (Patrick Wardle): Ironing out (the macOS details) of a Smooth Operator [3CX Backdoor]
2023-03-29 CrowdStrike (Research & Threat Intel): CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers [3CX Backdoor]
2023-03-20 SecurityIntelligence (John Dwyer): When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule [FudModule]
2023-03-09 Mandiant (Mandiant Intelligence): Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 [CLOUDBURST TOUCHMOVE TOUCHSHIFT]
2023-03-09 Mandiant (Mandiant Intelligence): Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW [FudModule]
2023-02-23 Bitdefender (Bitdefender Team, Martin Zugec): Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 [Cobalt Strike DarkComet QuiteRAT RATel]
2023-02-23 ESET Research (Vladislav Hrčka): WinorDLL64: A backdoor from the vast Lazarus arsenal? [WinorDLL64]
2023-02-21 SecurityIntelligence (Ruben Boonen): Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers [FudModule]
2023-02-09 CISA, DSA, FBI, HHS, NSA, ROK: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities [Dtrack MagicRAT Maui Ransomware SiennaBlue SiennaPurple Tiger RAT YamaBot]
2023-02-02 WithSecure (Sami Ruohonen, Stephen Robinson): No Pineapple! – DPRK Targeting of Medical Research and Technology Sector [Dtrack GREASE QuiteRAT]
2023-01-25 Proofpoint (Greg Lesnewich, Proofpoint Threat Research Team): TA444: The APT Startup Aimed at Acquisition (of Your Funds) [CageyChameleon Lazarus Group TA444]
2023-01-05 AttackIQ (Francis Guibernau, Ken Towne): Emulating the Highly Sophisticated North Korean Adversary Lazarus Group [MagicRAT Tiger RAT]
2022-12-27 Kaspersky (Seongsu Park): BlueNoroff introduces new methods bypassing MoTW [LazarLoader Unidentified 101 (Lazarus?)]
2022-12-20 K7 Security (Mellvin S): Lazarus APT’s Operation Interception Uses Signed Binary [Interception]
2022-12-16 Sekoia (Jamila B., Threat & Detection Research Team): The DPRK delicate sound of cyber [AppleJeus AppleJeus SnatchCrypto]
2022-11-29 Qianxin (Red Raindrop Team): Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait [CageyChameleon Cur1Downloader]
2022-11-23 Twitter (@RedDrip7) (RedDrip Team): Tweets about potential Lazarus sample [Unidentified 101 (Lazarus?)]
2022-11-21 VMware (Threat Analysis Unit): Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA) [Dacls]
2022-11-15 Kaspersky Labs (Jornt van der Wiel, Konstantin Zykov): DTrack activity targeting Europe and Latin America [Dtrack]
2022-10-24 AhnLab (ASEC Analysis Team): Malware infection case of Lazarus attack group that neutralizes antivirus program with BYOVD technique [FudModule LazarDoor Racket Downloader]
2022-09-30 ESET Research (Peter Kálnai): Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium [BLINDINGCAN FudModule HTTP(S) uploader LambLoad TOUCHMOVE]
2022-09-30 Virus Bulletin (Matěj Havránek, Peter Kálnai): Lazarus & BYOVD: evil to the Windows core [FudModule]
2022-09-29 Microsoft (LinkedIn Threat Prevention and Defense, Microsoft Security Threat Intelligence): ZINC weaponizing open-source software [BLINDINGCAN CLOUDBURST miniBlindingCan]
2022-09-26 CrowdStrike (Ioan Iacob, Iulian Madalin Ionita): The Anatomy of Wiper Malware, Part 3: Input/Output Controls [CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare]
2022-09-26 SentinelOne (Dinesh Devadoss, Phil Stokes): Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto [Interception]
2022-09-22 AhnLab (AhnLab ASEC Analysis Team): Analysis Report on Lazarus Group's Rootkit Attack Using BYOVD [FudModule]
2022-09-15 Symantec (Threat Hunter Team): Webworm: Espionage Attackers Testing and Using Older Modified RATs [9002 RAT Ghost RAT Trochilus RAT]
2022-09-14 Mandiant (James Maclachlan, Mathew Potaczek, Matt Williams, Nino Isakovic, Yash Gupta): It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp [BLINDINGCAN miniBlindingCan sRDI]
2022-09-10 Malverse (greenplan): Let's build a C&C server in Python (Bankshot) [Bankshot]
2022-09-08 Cisco Talos (Asheer Malhotra, Jung soo An, Vitor Ventura): Lazarus and the tale of three RATs [MagicRAT MimiKatz VSingle YamaBot]
2022-09-07 Cisco Talos (Asheer Malhotra, Jung soo An, Vitor Ventura): MagicRAT: Lazarus’ latest gateway into victim networks [MagicRAT Tiger RAT]
2022-08-16 Twitter (@ESETresearch) (Dominik Breitenbacher, Peter Kálnai): Twitter thread about Operation In(ter)ception for macOS [Interception]
2022-08-13 YouTube (Blue Team Village) (Seongsu Park): Attribution and Bias: My terrible mistakes in threat intelligence attribution [AppleJeus Olympic Destroyer]
2022-08-12 CrowdStrike (Ioan Iacob, Iulian Madalin Ionita): The Anatomy of Wiper Malware, Part 1: Common Techniques [Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare]
2022-08-09 Kaspersky (Kurt Baumgartner, Seongsu Park): Andariel deploys DTrack and Maui ransomware [Dtrack Maui Ransomware]
2022-07-18 Palo Alto Networks Unit 42 (Unit 42): Iron Taurus [CHINACHOPPER Ghost RAT Wonknu ZXShell APT27]
2022-07-14 Proofpoint (Crista Giering, Joshua Miller, Michael Raggi, Proofpoint Threat Research Team): Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media [Chinoxy APT31 Lazarus Group TA482]
2022-07-05 JPCERT/CC (Shusei Tomonaga): VSingle malware that obtains C2 server information from GitHub [VSingle]
2022-06-21 Cisco Talos (Chris Neal, Flavio Costa, Guilherme Venere): Avos ransomware group expands with new attack arsenal [AvosLocker Cobalt Strike DarkComet MimiKatz]
2022-06-17 Github (monoxgas) (Nick Landers): sRDI - Shellcode Reflective DLL Injection [sRDI]
2022-05-23 Trend Micro (Daniel Lunghi, Jaromír Hořejší): Operation Earth Berberoka [reptile oRAT Ghost RAT PlugX pupy Earth Berberoka]
2022-05-09 cocomelonc (cocomelonc): Malware development: persistence - part 4. Windows services. Simple C++ example. [Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu]
2022-05-05 NCC Group (Michael Matthews, Nikolaos Pantazopoulos): North Korea’s Lazarus: their initial access trade-craft using social media and social engineering [LCPDot]
2022-04-27 Symantec (Threat Hunter Team): Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets [Dtrack VSingle]
2022-04-27 Trend Micro (Daniel Lunghi, Jaromír Hořejší): New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware [HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka]
2022-04-27 Trend Micro (Daniel Lunghi, Jaromír Hořejší): Operation Gambling Puppet [reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka]
2022-04-26 Trend Micro (Lord Alfred Remorin, Ryan Flores, Stephen Hilt): How Cybercriminals Abuse Cloud Tunneling Services [AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT]
2022-04-26 AhnLab (ASEC Analysis Team): New Malware of Lazarus Threat Actor Group Exploiting INITECH Process [Racket Downloader wAgentTea]
2022-04-20 CISA (CISA): TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies [Bankshot TraderTraitor]
2022-04-18 CISA (CISA, FBI, U.S. Department of the Treasury): AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies (PDF) [FastCash Bankshot]
2022-04-18 CISA (CISA, FBI, U.S. Department of the Treasury): Alert (AA22-108A): TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies [Bankshot]
2022-04-15 Center for Internet Security (CIS): Top 10 Malware March 2022 [Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus]
2022-04-14 Symantec (Threat Hunter Team): Lazarus Targets Chemical Sector [Racket Downloader]
2022-04-01 The Hacker News (Ravie Lakshmanan): Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit [Fire Chili Ghost RAT]
2022-03-31 Kaspersky (GReAT): Lazarus Trojanized DeFi app for delivering malware [JessieConTea LCPDot]
2022-03-30 Fortinet (Eliran Voronovitch, Rotem Sde-Or): New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits [Fire Chili Ghost RAT]
2022-03-17 Sophos (Tilly Travers): The Ransomware Threat Intelligence Center [ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker]
2022-03-16 AhnLab (ASEC Analysis Team): Gh0stCringe RAT Being Distributed to Vulnerable Database Servers [Ghost RAT Kingminer]
2022-03-01 Github (0xZuk0) (Dipankar Lama): Malware Analysis Report: WannaCry Ransomware [WannaCryptor]
2022-02-11 Cisco Talos (Talos): Threat Roundup for February 4 to February 11 [DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus]
2022-02-09 SentinelOne (Juan Andrés Guerrero-Saade, Tom Hegel): Modified Elephant APT and a Decade of Fabricating Evidence [DarkComet Incubator NetWire RC]
2022-02-09 Sentinel LABS (Tom Hegel): ModifiedElephant APT and a Decade of Fabricating Evidence [DarkComet Incubator NetWire RC ModifiedElephant]
2022-01-31 Cyber Geeks (Vlad Pasca): A Detailed Analysis Of Lazarus APT Malware Disguised As Notepad++ Shell Extension [AnchorMTea]
2022-01-13 Kaspersky Labs (Seongsu Park, Vitaly Kamluk): The BlueNoroff cryptocurrency hunt is still on [CageyChameleon SnatchCrypto WebbyTea]
2021-12-14 Trend Micro (Nick Dai, Ted Lee, Vickie Su): Collecting In the Dark: Tropic Trooper Targets Transportation and Government [ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23]
2021-12-01 ThreatBook (ThreatBook): The Lazarus Group suspected of expanding its arsenal? The hackers target aviation industry and researchers [AnchorMTea]
2021-11-10 AhnLab (ASEC Analysis Team): Analysis Report of Lazarus Group’s NukeSped Malware [DarkComet Tiger RAT]
2021-10-11 Telsy (Telsy): Lazarus Group continues AppleJeus Operation [AppleJeus]
2021-10-08 Virus Bulletin (Seongsu Park): Multi-universe of adversary: multiple campaigns of the Lazarus group and their connections [Dacls AppleJeus AppleJeus Bankshot BookCodes RAT Dacls DRATzarus LCPDot LPEClient]
2021-10-07 Virus Bulletin (Byeongjae Kim, Dongwook Kim, Taewoo Lee): Operation Bookcodes – targeting South Korea [BookCodes RAT LPEClient]
2021-10-05 Blackberry (The BlackBerry Research & Intelligence Team): Drawing a Dragon: Connecting the Dots to Find APT41 [Cobalt Strike Ghost RAT]
2021-10-04 JPCERT/CC (Shusei Tomonaga): Malware Gh0stTimes Used by BlackTech [Gh0stTimes Ghost RAT]
2021-09-07 LIFARS (Vlad Pasca): A Detailed Analysis of Lazarus’ RAT Called FALLCHILL [Volgmer]
2021-09-06 cocomelonc (cocomelonc): AV engines evasion for C++ simple malware: part 2 [Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze]
2021-09-04 cocomelonc (cocomelonc): AV engines evasion for C++ simple malware: part 1 [4h_rat Azorult BADCALL BadNews BazarBackdoor Cardinal RAT]
2021-08-22 media.ccc.de (Lars Wallenborn): The Bangladesh cyber bank robbery: Tracking down major criminals with malware analysis [DYEPACK]
2021-08-22 Malware and Stuff (Andreas Klopsch): PEB: Where Magic Is Stored [Dacls]
2021-08-05 KrebsOnSecurity (Brian Krebs): Ransomware Gangs and the Name Game Distraction [DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet]
2021-07-10 YouTube (AhmedS Kasmani) (AhmedS Kasmani): Analysis of AppleJeus Malware by Lazarus Group [AppleJeus]
2021-07-08 Medium s2wlab (Sojun Ryu): Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea [Racket Downloader]
2021-06-15 Kaspersky (Seongsu Park): Andariel evolves to target South Korea with ransomware [BISTROMATH PEBBLEDASH TigerLite Tiger RAT Unidentified 081 (Andariel Ransomware)]
2021-05-13 AhnLab (AhnLab ASEC Analysis Team): APT attack for domestic companies using library files [ImprudentCook]
2021-05-11 Qianxin (Red Raindrop Team): Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait [BISTROMATH TigerLite]
2021-05-05 Zscaler (Aniruddha Dolas, Manohar Ghule, Mohd Sadique): Catching RATs Over Custom Protocols: Analysis of top non-HTTP/S threats [Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos]
2021-04-28 Trend Micro (Jaromír Hořejší, Joseph C Chen): Water Pamola Attacked Online Shops Via Malicious Orders [Ghost RAT]
2021-04-19 Malwarebytes (Hossein Jazi): Lazarus APT conceals malicious code within BMP image to drop its RAT [BISTROMATH]
2021-04-15 AhnLab (AhnLab ASEC Analysis Team): Operation Dream Job Targeting Job Seekers in South Korea [LCPDot Torisma]
2021-04-08 ESET Research (Filip Jurčacko): (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor [Vyveva RAT]
2021-04-02 Dr.Web (Dr.Web): Study of targeted attacks on Russian research institutes [Cotx RAT Ghost RAT TA428]
2021-04-01 AhnLab (ASEC Analysis Team): ASEC REPORT VOL.102 Q1 2021 [ComeBacker JessieConTea LCPDot]
2021-03-22 JPCERT/CC (Shusei Tomonaga): Lazarus Attack Activities Targeting Japan (VSingle/ValeforBeta) [VSingle]
2021-03-21 Blackberry (Blackberry Research): 2021 Threat Report [Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot]
2021-03-15 Sophos Labs (Mark Loman): DearCry ransomware attacks exploit Exchange server vulnerabilities [dearcry WannaCryptor]
2021-03-03 SYGNIA (Amitai Ben Shushan, Amnon Kushnir, Boaz Wasserman, Martin Korman, Noam Lifshitz): Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware [Dacls Dacls Dacls TFlower]
2021-02-28 PWC UK (PWC UK): Cyber Threats 2020: A Year in Retrospect [elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team]
2021-02-26 YouTube (Black Hat) (Kevin Perlow): FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud [FastCash]
2021-02-25 Kaspersky Labs (Seongsu Park, Vyacheslav Kopeytsev): Lazarus targets defense industry with ThreatNeedle [HTTP(S) uploader LPEClient Volgmer]
2021-02-25 Intezer (Intezer): Year of the Gopher: A 2020 Go Malware Round-Up [NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy]
2021-02-23 CrowdStrike (CrowdStrike): 2021 Global Threat Report [RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER]
2021-02-22 tccontre Blog (tcontre): Gh0stRat Anti-Debugging: Nested SEH (try - catch) to Decrypt and Load its Payload [Ghost RAT]
2021-02-18 Symantec (Threat Hunter Team): Lazarus: Three North Koreans Charged for Financially Motivated Attacks [AppleJeus POOLRAT Unidentified macOS 001 (UnionCryptoTrader) AppleJeus Unidentified 077 (Lazarus Downloader)]
2021-02-17 US-CERT (CISA): Malware Analysis Report (AR21-048B): AppleJeus: JMT Trading [AppleJeus AppleJeus]
2021-02-17 US-CERT (CISA): Malware Analysis Report (AR21-048F): AppleJeus: Dorusio [AppleJeus AppleJeus Unidentified 077 (Lazarus Downloader)]
2021-02-17 US-CERT (CISA): Malware Analysis Report (AR21-048A): AppleJeus: Celas Trade Pro [AppleJeus AppleJeus]
2021-02-17 US-CERT (US-CERT): Alert (AA21-048A): AppleJeus: Analysis of North Korea’s Cryptocurrency Malware [AppleJeus AppleJeus]
2021-02-17 US-CERT (CISA): Malware Analysis Report (AR21-048G): AppleJeus: Ants2Whale [AppleJeus AppleJeus]
2021-02-17 US-CERT (CISA): Malware Analysis Report (AR21-048E): AppleJeus: CoinGoTrade [AppleJeus POOLRAT AppleJeus]
2021-02-17 US-CERT (CISA): Malware Analysis Report (AR21-048D): AppleJeus: Kupay Wallet [AppleJeus AppleJeus]
2021-02-17 US-CERT (CISA): Malware Analysis Report (AR21-048C): AppleJeus: Union Crypto [AppleJeus Unidentified macOS 001 (UnionCryptoTrader) AppleJeus]
2021-02-01 ESET Research (Ignacio Sanmillan, Matthieu Faou): Operation NightScout: Supply‑chain attack targets online gaming in Asia [Ghost RAT NoxPlayer Poison Ivy Red Dev 17]
2021-02-01 One Night in Norfolk (Kevin Perlow): DPRK Targeting Researchers II: .Sys Payload and Registry Hunting [ComeBacker]
2021-01-30 Microstep Intelligence Bureau (Microstep online research response team): Analysis of Lazarus attacks against security researchers [ComeBacker]
2021-01-29 NSFOCUS (Fuying Laboratory): Understanding STUMBzarus: an in-depth analysis of the Lazarus APT group's recent targeted attack components [ComeBacker DRATzarus Torisma]
2021-01-28 Microsoft (Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)): ZINC attacks against security researchers [ComeBacker Klackring]
2021-01-27 S2W LAB Inc. (Sojun Ryu): How to communicate between RAT infected devices (White paper) [Volgmer]
2021-01-27 S2W LAB Inc. (Sojun Ryu): Analysis of THREATNEEDLE C&C Communication (feat. Google TAG Warning to Researchers) [Volgmer]
2021-01-26 One Night in Norfolk (Kevin Perlow): DPRK Malware Targeting Security Researchers [ComeBacker]
2021-01-26 Comae (Matt Suiche): PANDORABOX - North Koreans target security researchers [ComeBacker]
2021-01-26 JPCERT/CC (Shusei Tomonaga): Operation Dream Job by Lazarus [LCPDot Torisma Lazarus Group]
2021-01-25 Google (Adam Weidemann): New campaign targeting security researchers [ComeBacker DRATzarus]
2021-01-20 JPCERT/CC (Shusei Tomonaga): Commonly Known Tools Used by Lazarus [Lazarus Group]
2021-01-15 Swisscom (Markus Neis): Cracking a Soft Cell is Harder Than You Think [Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT]
2021-01-09 Marco Ramilli's Blog (Marco Ramilli): Command and Control Traffic Patterns [ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot]
2021-01-07 Github (hvs-consulting) (HvS-Consulting AG): Lazarus / APT37 IOCs [Lazarus Group]
2021-01-01 Objective-See (Patrick Wardle): The Mac Malware of 2020 - a comprehensive analysis of the year's new malware [AppleJeus Dacls EvilQuest FinFisher WatchCat XCSSET]
2020-12-23 Kaspersky Labs (Seongsu Park): Lazarus covets COVID-19-related intelligence [BookCodes RAT wAgentTea]
2020-12-21 Cisco Talos (Jon Munshaw): 2020: The year in malware [WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader]
2020-12-18 Seqrite (Pavankumar Chaudhari): RAT used by Chinese cyberspies infiltrating Indian businesses [Ghost RAT]
2020-12-15 HvS-Consulting AG (HvS-Consulting AG): Greetings from Lazarus: Anatomy of a cyber espionage campaign [BLINDINGCAN MimiKatz Lazarus Group]
2020-12-15 HvS-Consulting AG (HvS-Consulting AG): Greetings from Lazarus: Anatomy of a cyber espionage campaign [BLINDINGCAN HTTP(S) uploader MimiKatz]
2020-12-11 PWC UK (Twitter (@BitsOfBinary)): Tweet on macOS Manuscrypt samples [Manuscrypt]
2020-12-10 Intel 471 (Intel 471): No pandas, just people: The current state of China’s cybercrime underground [Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT]
2020-12-10 US-CERT (FBI, MS-ISAC, US-CERT): Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data [PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus]
2020-12-09 CrowdStrike (Jason Rivera, Josh Burgess): From Zero to Sixty: The Story of North Korea’s Rapid Ascent to Becoming a Global Cyber Superpower [FastCash Hermes WannaCryptor]
2020-11-27 Macnica (Hiroshi Takeuchi): Analyzing Organizational Invasion Ransom Incidents Using Dtrack [Cobalt Strike Dtrack]
2020-11-27 Microstep Intelligence Bureau (Microstep online research response team): Wallet black hole: the Lazarus group's recent covert attack activity in the cryptocurrency space [Manuscrypt]
2020-11-21 vxhive blog (0xastrovax): Deep Dive Into HERMES Ransomware [Hermes]
2020-11-16 ESET Research (Anton Cherepanov, Peter Kálnai): Lazarus supply‑chain attack in South Korea [BookCodes RAT Lazarus Group]
2020-11-14 Medium 0xastrovax (astrovax): Deep Dive Into Ryuk Ransomware [Hermes Ryuk]
2020-11-12 Talos (Asheer Malhotra): CRAT wants to plunder your endpoints [CRAT]
2020-11-05 McAfee (Christiaan Beek, Ryan Sherstobitoff): Operation North Star: Behind The Scenes [NedDnLoader Torisma]
2020-11-03 Kaspersky Labs (GReAT): APT trends report Q3 2020 [WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti]
2020-10-28 Twitter (@BitsOfBinary) (John): Tweet on macOS version of Manuscrypt [Manuscrypt]
2020-10-27 Dr.Web (Dr.Web): Study of the ShadowPad APT backdoor and its relation to PlugX [Ghost RAT PlugX ShadowPad]
2020-10-03 VB Localhost (Rintaro Koike, Shogo Hayashi, Takai Hajime): Unveiling the CryptoMimic [CageyChameleon SnatchCrypto]
2020-09-29 JPCERT/CC (Shusei Tomonaga): BLINDINGCAN - Malware Used by Lazarus [BLINDINGCAN Lazarus Group]
2020-09-16 Qianxin (Red Raindrop Team): Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons [CRAT]
2020-09-15 CrowdStrike (CrowdStrike Overwatch Team): Nowhere to Hide - 2020 Threat Hunting Report [NedDnLoader RDAT TRACER KITTEN]
2020-08-31 JPCERT/CC (Shusei Tomonaga): Malware Used by Lazarus after Network Intrusion [Lazarus Group]
2020-08-31 SentinelOne (Jim Walter): The BLINDINGCAN RAT and Malicious North Korean Activity [BLINDINGCAN]
2020-08-26 CISA (CISA): MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON [PSLogger]
2020-08-26 CISA (CISA, FBI, U.S. Cyber Command, U.S. Department of the Treasury): Alert (AA20-239A): FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks [FastCash]
2020-08-26 CISA (CISA): MAR-10301706-2.v1 - North Korean Remote Access Tool: VIVACIOUSGIFT [NACHOCHEESE]
2020-08-19 US-CERT (US-CERT): Malware Analysis Report (AR20-232A) [Bankshot BLINDINGCAN]
2020-08-19 CISA (CISA): MAR-10295134-1.v1 - North Korean Remote Access Trojan: BLINDINGCAN [BLINDINGCAN]
2020-08-13 ClearSky (ClearSky Research Team): Operation ‘Dream Job’ Widespread North Korean Espionage Campaign [DRATzarus LPEClient NedDnLoader]
2020-08-05 BlackHat (Kevin Perlow): FASTCash and INJX_PURE: How Threat Actors Use Public Standards for Financial Fraud [FastCash]
2020-08-05 BlackHat (Kevin Perlow): FASTCash and Associated Intrusion Techniques [FastCash]
2020-08-01 Temple University (CARE): Critical Infrastructure Ransomware Attacks [CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor]
2020-08-01 TG Soft (TG Soft): TG Soft Cyber - Threat Report [DarkComet Darktrack RAT Emotet ISFB]
2020-07-29 ESET Research (welivesecurity)
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-29Kaspersky LabsGReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-29McAfeeMcAfee Labs
Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?
NedDnLoader
2020-07-28Kaspersky LabsFélix Aime, Ivan Kwiatkowski, Pierre Delcher
Lazarus on the hunt for big game
Dacls Dacls Dacls VHD Ransomware
2020-07-28NTTNTT Security
CraftyPanda 標的型攻撃解析レポート
Ghost RAT PlugX
2020-07-27SentinelOnePhil Stokes
Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform
AppleJeus Casso Dacls WatchCat
2020-07-22Kaspersky LabsGReAT
MATA: Multi-platform targeted malware framework
Dacls Dacls Dacls
2020-07-20Risky.bizDaniel Gordon
What even is Winnti?
CCleaner Backdoor Ghost RAT PlugX ZXShell
2020-06-29KISAKrCERT
OPERATION BOOKCODES TTPs #2
BookCodes RAT
2020-06-28Twitter (@ccxsaber)z3r0
Tweet on Sample
Unidentified 077 (Lazarus Downloader)
2020-06-23 | ReversingLabs | Karlo Zanki
Hidden Cobra - from a shed skin to the viper’s nest
Bankshot PEBBLEDASH TAINTEDSCRIBE
2020-06-17 | ESET Research | Dominik Breitenbacher, Kaspars Osis
Operation In(ter)ception: Targeted Attacks against European Aerospace and Military Companies
Interception
2020-06-14 | BushidoToken | BushidoToken
Deep-dive: The DarkHotel APT
Asruex Ghost RAT Ramsay Retro Unidentified 076 (Higaisa LNK to Shellcode)
2020-06-09 | Kaspersky Labs | Costin Raiu
Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2020-06-05 | Prevailion | Danny Adamitis
The Gh0st Remains the Same
Ghost RAT
2020-06-04 | PTSecurity | PT ESC Threat Intelligence
COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group
Ghost RAT
2020-05-31 | Twitter (ShadowChasing1) | Shadow Chaser Group
Tweet on DTRACK malware
Dtrack
2020-05-20 | Medium Asuna Amawaka | Asuna Amawaka
What happened between the BigBadWolf and the Tiger?
Ghost RAT
2020-05-14 | Avast Decoded | Luigino Camastra
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
BYEBY Ghost RAT Microcin MimiKatz Vicious Panda
2020-05-12 | US-CERT | US-CERT
MAR-10288834-1.v1 – North Korean Remote Access Tool: COPPERHEDGE
Bankshot
2020-05-11 | Trend Micro | Gabrielle Joyce Mabutas, Kazuki Fujisawa
New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability
Dacls
2020-05-07 | AVAR | Ariel Jugnheit, Mark Lechtik
The North Korean AV Anthology: a unique look on DPRK’s Anti-Virus market
Volgmer
2020-05-06 | Malwarebytes | Hossein Jazi, Jérôme Segura, Thomas Reed
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
Dacls
2020-05-05 | Objective-See | Patrick Wardle
The Dacls RAT ...now on macOS! Deconstructing the Mac variant of a Lazarus Group implant
Dacls
2020-05-04 | ADEO DFIR | ADEO DFIR
APT38 Lazarus Threat Analysis Report
BLINDTOAD ELECTRICFISH
2020-04-16 | VMWare Carbon Black | Scott Knight
The Evolution of Lazarus
HOTCROISSANT Rifdoor
2020-04-14 | Qianxin | Qi'anxin Threat Intelligence
Analysis of a Lazarus APT targeted attack on a country using COVID-19-themed bait
CRAT
2020-04-09 | suspected.tistory.com | hmkang92
Malware analysis (Emergency inquiry for Coronavirus response in Jeollanam-do.hwp)
CRAT
2020-04-01 | KISA | KrCERT
OPERATION BOOKCODES TTPs #1
BookCodes RAT
2020-03-05 | Microsoft | Microsoft Threat Protection Intelligence Team
Human-operated ransomware attacks: A preventable disaster
Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA
2020-03-05 | SophosLabs | Sergei Shevchenko
Cloud Snooper Attack Bypasses AWS Security Measures
Cloud Snooper Ghost RAT
2020-03-03 | PWC UK | PWC UK
Cyber Threats 2019: A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-02-26 | MetaSwan's Lab | MetaSwan
Lazarus group's Brambul worm of the former Wannacry - 2
Brambul
2020-02-26 | MetaSwan's Lab | MetaSwan
Lazarus group's Brambul worm of the former Wannacry - 1
Brambul WannaCryptor
2020-02-25 | RSA Conference | Joel DeCapua
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus
2020-02-25 | SentinelOne | Jim Walter
DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity
ARTFULPIE BISTROMATH BUFFETLINE CHEESETRAY HOPLIGHT HOTCROISSANT SLICKSHOES
2020-02-22 | Objective-See | Patrick Wardle
Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads
AppleJeus
2020-02-19 | Lexfo | Lexfo
The Lazarus Constellation: A study on North Korean malware
FastCash AppleJeus BADCALL Bankshot Brambul Dtrack Duuzer DYEPACK ELECTRICFISH HARDRAIN Hermes HOPLIGHT Joanap KEYMARBLE Kimsuky MimiKatz MyDoom NACHOCHEESE NavRAT PowerRatankba RokRAT Sierra(Alfa,Bravo, ...) Volgmer WannaCryptor
2020-02-14 | US-CERT | US-CERT
Malware Analysis Report (AR20-045C)
CHEESETRAY
2020-02-14 | US-CERT | US-CERT
Malware Analysis Report (AR20-045E): MAR-10271944-2.v1 - North Korean Trojan: ARTFULPIE
ARTFULPIE
2020-02-14 | US-CERT | US-CERT
Malware Analysis Report (AR20-045D): MAR-10271944-1.v1 - North Korean Trojan: HOTCROISSANT
HOTCROISSANT
2020-02-14 | US-CERT | US-CERT
Malware Analysis Report (AR20-045A): MAR-10265965-1.v1 - North Korean Trojan: BISTROMATH
BISTROMATH
2020-02-14 | US-CERT | US-CERT
Malware Analysis Report (AR20-045F): MAR-10271944-3.v1 - North Korean Trojan: BUFFETLINE
BUFFETLINE
2020-02-14 | US-CERT | US-CERT
Malware Analysis Report (AR20-045B): MAR-10265965-2.v1 - North Korean Trojan: SLICKSHOES
SLICKSHOES
2020-02-14 | US-CERT | US-CERT
Malware Analysis Report (AR20-045G): MAR-10135536-8.v4 - North Korean Trojan: HOPLIGHT
HOPLIGHT
2020-02-13 | Qianxin | Qi Anxin Threat Intelligence Center
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut BOOSTWRITE Brambul Carbanak Cobalt Strike DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020-02-10 | Malwarebytes | Adam Kujawa, Chris Boyd, David Ruiz, Jérôme Segura, Jovi Umawing, Nathan Collier, Pieter Arntz, Thomas Reed, Wendy Zamora
2020 State of Malware Report
magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor
2020-02-02 | Youtube (Ghidra Ninja) | Ghidra Ninja
Reversing WannaCry Part 2 - Diving into the malware with #Ghidra
WannaCryptor
2020-01-26 | Brown Farinholt, Damon McCoy, Kirill Levchenko, Mohammad Rezaeirad
Dark Matter: Uncovering the DarkComet RAT Ecosystem
DarkComet
2020-01-08 | Kaspersky Labs | GReAT
Operation AppleJeus Sequel
AppleJeus Unidentified macOS 001 (UnionCryptoTrader)
2020-01-01 | Objective-See | Patrick Wardle
The Mac Malware of 2019
Gmera Mokes Yort
2020-01-01 | Secureworks | SecureWorks
BRONZE EDISON
Ghost RAT sykipot APT4 SAMURAI PANDA
2020-01-01 | Secureworks | SecureWorks
BRONZE UNION
9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27
2020-01-01 | Secureworks | SecureWorks
ALUMINUM SARATOGA
BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats
2020-01-01 | Secureworks | SecureWorks
NICKEL ACADEMY
Brambul Duuzer HOPLIGHT Joanap Sierra(Alfa,Bravo, ...) Volgmer
2020-01-01 | Secureworks | SecureWorks
NICKEL GLADSTONE
AlphaNC Bankshot Ratankba Lazarus Group
2020-01-01 | Secureworks | SecureWorks
BRONZE GLOBE
EtumBot Ghost RAT APT12
2020-01-01 | Secureworks | SecureWorks
BRONZE FLEETWOOD
Binanen Ghost RAT OrcaRAT APT5
2020-01-01 | Secureworks | SecureWorks
COPPER FIELDSTONE
Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major
2019-12-17 | Netlab | GenShen Ye, Jinye
Lazarus Group uses Dacls RAT to attack Linux platform
Dacls Log Collector Dacls
2019-12-12 | Microsoft | Microsoft Threat Intelligence Center
GALLIUM: Targeting global telecom
CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM
2019-12-12 | FireEye | Chi-en Shen, Oleg Bondarenko
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD poisonplug TrickBot BlackTech
2019-12-03 | Objective-See | Objective-See
Lazarus Group Goes 'Fileless'
Unidentified macOS 001 (UnionCryptoTrader)
2019-11-21 | ThreatBook | ThreatBook
The Nightmare of Global Cryptocurrency Companies - Demystifying the “DangerousPassword” of the APT Organization
CageyChameleon SnatchCrypto
2019-11-21 | Cyberbit | Hod Gavriel
Dtrack: In-depth analysis of APT on a nuclear power plant
Dtrack
2019-11-19 | FireEye | Kelli Vanderlee, Nalani Fraser
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell
2019-11-05 | Telsy | Telsy Research Team
The Lazarus’ gaze to the world: What is behind the first stone?
NedDnLoader Torisma
2019-11-04 | Tencent | Tencent Security Mikan TIC
Attack activity of the APT group "Higaisa" disclosed
Ghost RAT Higaisa
2019-11-04 | Marco Ramilli's Blog | Marco Ramilli
Is Lazarus/APT38 Targeting Critical Infrastructures?
Dtrack
2019-11-03 | Github (jeFF0Falltrades) | Jeff Archer
DTrack
Dtrack
2019-10-31 | CISA | CISA
Malware Analysis Report (AR19-304A)
HOPLIGHT
2019-10-17 | Vitali Kremez
Let's Learn: Dissecting Lazarus Windows x86 Loader Involved in Crypto Trading App Distribution: "snowman" & ADVObfuscator
AppleJeus
2019-10-12 | Objective-See | Patrick Wardle
Pass the AppleJeus
AppleJeus
2019-10-11 | Twitter (@VK_intel) | Vitali Kremez
Possible Lazarus x86 Malware (AppleJeus)
AppleJeus
2019-09-23 | MITRE | MITRE ATT&CK
APT41
Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad ZXShell APT41
2019-09-23 | Kaspersky Labs | Konstantin Zykov
Hello! My name is Dtrack
Dtrack
2019-09-18 | SophosLabs Uncut | Peter Mackenzie
The WannaCry hangover
WannaCryptor
2019-09-17 | SophosLabs | Peter Mackenzie
WannaCry Aftershock
WannaCryptor
2019-09-17 | Talos | Christopher Evans, David Liebenberg
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
Ghost RAT
2019-09-09 | CISA | CISA
Malware Analysis Report (AR19-252A)
BADCALL
2019-08-11 | Twitter (@KevinPerlow) | Kevin Perlow
Updated #Lazarus Keylogger (uploaded June)
PSLogger
2019-08-01 | Kaspersky Labs | GReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-07-28 | Dissecting Malware | Marius Genheimer
Third time's the charm? Analysing WannaCry samples
WannaCryptor
2019-07-11 | NTT Security | NTT Security
Targeted TrickBot activity drops 'PowerBrace' backdoor
PowerBrace TrickBot
2019-05-30 | Talos Intelligence | Vanja Svajcer
10 years of virtual dynamite: A high-level retrospective of ATM malware
FastCash Project Alice Cutlet Ploutus ATM Skimer Tyupkin
2019-05-09 | CISA | CISA
Malware Analysis Report (AR19-129A)
ELECTRICFISH Lazarus Group
2019-04-25 | DATANET | Kim Seon-ae
Chinese-based hackers attack domestic energy institutions
CALMTHORN Ghost RAT
2019-04-24 | SpecterOps | Richie Cyrus
Introducing Venator: A macOS tool for proactive detection
AppleJeus WindTail
2019-04-11 | Computing.co.uk | Dev Kundaliya
Lazarus rises: Warning over new HOPLIGHT malware linked with North Korea
HOPLIGHT
2019-04-10 | The Register | Shaun Nichols
Lazarus Group rises again from the digital grave with Hoplight malware for all
Lazarus Group
2019-04-10 | US-CERT | US-CERT
Malware Analysis Report (AR19-100A): North Korean Trojan: HOPLIGHT
HOPLIGHT
2019-04-10 | One Night in Norfolk | Norfolk
OSINT Reporting Regarding DPRK and TA505 Overlap
PowerBrace
2019-03-27 | Symantec | Security Response Attack Investigation Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33
2019-03-26 | Kaspersky Labs | GReAT
Cryptocurrency businesses still being targeted by Lazarus
Yort Lazarus Group
2019-03-20 | Github (649) | @037
APT38 DYEPACK FRAMEWORK
DYEPACK
2019-03-18 | DCSO | DCSO
Enterprise Malware-as-a-Service: Lazarus Group and the Evolution of Ransomware
Hermes
2019-03-14 | CISA | CISA
MAR-10135536-12 – North Korean Trojan: TYPEFRAME
miniTypeFrame TYPEFRAME
2019-03-12 | Malwarebytes | William Tsing
The Advanced Persistent Threat files: Lazarus Group
Lazarus Group
2019-02-27 | Secureworks | CTU Research Team
A Peek into BRONZE UNION’s Toolbox
Ghost RAT HyperBro ZXShell
2019-02-19 | Check Point Research | Check Point
North Korea Turns Against New Targets?!
KEYMARBLE
2019-01-31 | ESTsecurity | Alyac
Lazarus APT Organization Attacks with Operation Extreme Job
CoreDN
2019-01-30 | Cisco Talos | Edmund Brumaghin, Jungsoo An, Paul Rascagnères
Fake Cisco Job Posting Targets Korean Candidates
CoreDN JessieConTea
2019-01-29 | MITRE | MITRE ATT&CK
APT38
Lazarus Group
2019-01-23 | NSHC RedAlert Labs | ThreatRecon Team
SectorA01 Custom Proxy Utility Tool Analysis
FastCash
2019-01-22 | One Night in Norfolk | Norfolk
A Lazarus Keylogger - PSLogger
PSLogger
2019-01-16 | ZDNet | Catalin Cimpanu
North Korean hackers infiltrate Chile's ATM network after Skype job interview
Lazarus Group
2019-01-15 | Flashpoint | Vitali Kremez
Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties
PowerRatankba
2019-01-07 | Intezer | Ignacio Sanmillan
ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups
Ghost RAT
2019-01-01 | Dragos | Dragos
Adversary Reports
ALLANITE APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
Operation GhostSecret
Lazarus Group
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
Compromise of cryptocurrency exchanges in South Korea
Lazarus Group
2019-01-01 | CISA | CISA
HIDDEN COBRA - North Korean Malicious Cyber Activity
Lazarus Group
2019-01-01 | Journal of Telecommunications and Information Technology | Maxat Akbanov, Michael D. Logothetis, Vassilios G. Vassilakis
WannaCry Ransomware: Analysis of Infection, Persistence, Recovery Prevention and Propagation Mechanisms
WannaCryptor
2019-01-01 | MITRE | MITRE ATT&CK
Group description: Lazarus Group
Lazarus Group
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
Covellite
Lazarus Group
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
Lazarus Group
Lazarus Group
2018-12-31 | Github Repository | Frank Boldewin
FastCashMalwareDissected
FastCash
2018-12-12 | McAfee | Asheer Malhotra, Ryan Sherstobitoff
‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
Rising Sun Lazarus Group Operation Sharpshooter
2018-11-20 | Trend Micro | Joelson Soares, Lenart Bermejo
Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America
BLINDTOAD
2018-11-17 | Youtube (Demonslay335) | Michael Gillespie
Analyzing Ransomware - Beginner Static Analysis
Hermes
2018-11-08 | Symantec | Critical Attack Discovery and Intelligence Team
FASTCash: How the Lazarus Group is Emptying Millions from ATMs
FastCash Lazarus Group
2018-10-08 | Youtube Video | Saher Naumaan
BSides Belfast 2018: Lazarus On The Rise: Insights From SWIFT Bank Attacks
NESTEGG
2018-10-03 | Virus Bulletin | Michal Poslušný, Peter Kálnai
Lazarus Group: A Mahjong Game Played with Different Sets of Tiles
Bankshot BanPolMex RAT FuwuqiDrama HOTWAX KillDisk (Lazarus) NACHOCHEESE REDSHAWL WannaCryptor
2018-10-02 | US-CERT | Department of Homeland Security (DHS), Department of the Treasury (Treasury), FBI
Alert (TA18-275A): HIDDEN COBRA – FASTCash Campaign
FastCash
2018-10-01 | Youtube (FireEye Inc.) | Christopher DiGiamo, Jacqueline O’Leary, Nalani Fraser
CDS 2018 | Unmasking APT X
NESTEGG
2018-09-19 | Möbius Strip Reverse Engineering | Rolf Rolles
Hex-Rays Microcode API vs. Obfuscating Compiler
Ghost RAT
2018-09-06 | Department of Justice | Office of Public Affairs
North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions
Lazarus Group
2018-08-27 | DARKReading | Jai Vijayan
North Korean Hacking Group Steals $13.5 Million From Indian Bank
Lazarus Group
2018-08-23 | Kaspersky Labs | GReAT
Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware
AppleJeus Volgmer Lazarus Group
2018-08-23 | Bleeping Computer | Catalin Cimpanu
Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack
Lazarus Group
2018-08-09 | CISA | CISA
Malware Analysis Report (AR18-221A)
KEYMARBLE
2018-07-30 | Proofpoint | Proofpoint Staff
New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign
Azorult Hermes
2018-07-26 | IEEE Symposium on Security and Privacy (SP) | Alex C. Snoeren, Damon McCoy, Danny Yuxing Huang, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Kylie McRoberts, Luca Invernizzi, Maxwell Matthaios Aliapoulios, Vector Guo Li
Tracking Ransomware End-to-end
Cerber Locky WannaCryptor
2018-06-23 | AhnLab | AhnLab
Full Disclosure of Andariel, A Subgroup of Lazarus Threat Group
PhanDoor Rifdoor
2018-06-13 | Threatpost | Tara Seals
Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist
Lazarus Group
2018-06-13 | Acalvio | Team Acalvio
Lateral Movement Technique Employed by Hidden Cobra
Brambul Joanap
2018-06-08 | United States District Court (California) | Nathan P. Shields, Rozella A. Oliver
Complaint against Jin Hyok Park
NESTEGG
2018-06-07 | Trend Micro | Fernando Mercês
New KillDisk Variant Hits Latin American Financial Organizations Again
BOOTWRECK
2018-05-29 | US-CERT | US-CERT
MAR-10135536-3 - HIDDEN COBRA RAT/Worm
Brambul Joanap
2018-05-29 | US-CERT | US-CERT
Alert (TA18-149A): HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
Brambul Joanap
2018-05-29 | Bloomberg | Michelle Davis
Mexico Foiled a $110 Million Bank Heist, Then Kept It a Secret
Lazarus Group
2018-05-03 | McAfee | Itai Liba, James Walter, Ryan Sherstobitoff
Dissecting Operation Troy: Cyberespionage in South Korea
concealment_troy http_troy Lazarus Group
2018-04-27 | Bleeping Computer | Catalin Cimpanu
North Korean Hackers Are up to No Good Again
Lazarus Group
2018-04-24 | McAfee | Asheer Malhotra, Ryan Sherstobitoff
Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide
GhostSecret Lazarus Group
2018-04-20 | NCC Group | Nikolaos Pantazopoulos
Decoding network data from a Gh0st RAT variant
Ghost RAT APT27
2018-04-17 | NCC Group | Nikolaos Pantazopoulos
Decoding network data from a Gh0st RAT variant
Ghost RAT APT27
2018-04-03 | ESET Research | Anton Cherepanov, Peter Kálnai
Lazarus KillDisks Central American casino
KillDisk (Lazarus) Lazarus Group
2018-03-28 | Intezer | Jay Rosenberg
Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies
Unidentified 042
2018-03-14 | Malwarebytes Labs | hasherezade, Jérôme Segura, Vasilios Hioureas
Hermes ransomware distributed to South Koreans via recent Flash zero-day
Hermes
2018-03-08 | McAfee | Asheer Malhotra, Charles Crawford, Jessica Saavedra-Morales, Ryan Sherstobitoff
Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant
Lazarus Group
2018-03-01 | Kaspersky Labs | Kaspersky Lab Global Research and Analysis Team
Lazarus under the Hood
BlueNoroff HOTWAX NESTEGG REDSHAWL WORMHOLE
2018-03-01 | Dragos | Dragos
INDUSTRIAL CONTROL SYSTEM THREATS
APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm
2018-02-12 | McAfee | Asheer Malhotra, Jessica Saavedra-Morales, Ryan Sherstobitoff, Thomas Roccia
Lazarus Resurfaces, Targets Global Banks and Bitcoin Users
CoreDN
2018-02-11 | Symantec | Ling Zhou
Technical Description: Downloader.Jelous
CoreDN
2018-02-05 | US-CERT
HIDDEN COBRA - North Korean Malicious Cyber Activity
HARDRAIN
2018-02-01 | Bitdefender | Bitdefender Team
Operation PZCHAO: Inside a highly specialized espionage infrastructure
Ghost RAT APT27
2018-01-29 | Proofpoint | Darien Huss
North Korea Bitten by Bitcoin Bug
Bitsran
2018-01-24 | Trend Micro | CH Lei, Fyodor Yarochkin, Lenart Bermejo, Philippe Z Lin, Razor Huang
Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More
PowerRatankba
2018-01-24 | Trend Micro | Trendmicro
A Look into the Lazarus Group’s Operations
Lazarus Group
2018-01-15 | Trend Micro | Alfredo Oliveira, Gilbert Sison, Jay Yaneza, Rheniel Ramos
New KillDisk Variant Hits Financial Organizations in Latin America
KillDisk (Lazarus) Lazarus Group
2018-01-04 | Malware Traffic Analysis | Brad Duncan
MALSPAM PUSHING PCRAT/GH0ST
Ghost RAT
2018-01-01 | FireEye | FireEye
APT38
Bitsran BLINDTOAD BOOTWRECK CHEESETRAY CLEANTOAD Contopee DarkComet DYEPACK HOTWAX NACHOCHEESE NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group
2018-01-01 | McAfee | Itai Liba, James Walter, Ryan Sherstobitoff
Dissecting Operation Troy: Cyberespionage in South Korea
Lazarus Group
2017-12-20 | RiskIQ | Yonathan Klijnsma
Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry
PowerRatankba
2017-12-19 | Proofpoint | Darien Huss
North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group
QUICKCAFE PowerSpritz Ghost RAT PowerRatankba
2017-12-13 | US-CERT | US-CERT
Malware Analysis Report (MAR) - 10135536-B
BADCALL Bankshot
2017-11-20 | Palo Alto Networks Unit 42 | Anthony Kasza, Juan Cortes, Micah Yates
Operation Blockbuster Goes Mobile
HARDRAIN
2017-11-20 | McAfee | Inhee Han
Android Malware Appears Linked to Lazarus Cybercrime Group
HARDRAIN
2017-11-14 | US-CERT | US-CERT
Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer
Volgmer Lazarus Group
2017-11-14 | Department of Homeland Security | Department of Homeland Security
HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
Lazarus Group
2017-10-27 | Independent.co.uk | Adam Withnall
British security minister says North Korea was behind WannaCry hack on NHS
WannaCryptor
2017-10-16 | BAE Systems | Hirman Muhammad bin Abu Bakar, James Wong, Sergei Shevchenko
Taiwan Heist: Lazarus Tools and Ransomware
Bitsran BLINDTOAD Hermes Lazarus Group
2017-08-25 | Kaspersky Labs | Costin Raiu, Juan Andrés Guerrero-Saade
Walking in your Enemy's Shadow: When Fourth-Party Collection becomes Attribution Hell
NetTraveler RCS WannaCryptor Dancing Salome
2017-08-14 | Palo Alto Networks Unit 42 | Anthony Kasza
The Blockbuster Saga Continues
HOPLIGHT
2017-06-13 | US-CERT | US-CERT
HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
Lazarus Group
2017-05-31 | MITRE | MITRE ATT&CK
Lazarus Group
Lazarus Group
2017-05-31 | MITRE | MITRE ATT&CK
Axiom
Derusbi 9002 RAT BLACKCOFFEE Ghost RAT HiKit PlugX ZXShell APT17
2017-05-31 | MITRE | MITRE ATT&CK
PittyTiger
Enfal Ghost RAT MimiKatz Poison Ivy APT24
2017-05-31 | MITRE | MITRE
APT18
Ghost RAT HttpBrowser APT18
2017-05-30 | Group-IB | Group-IB
Lazarus Arisen: Architecture, Techniques and Attribution
HOTWAX NACHOCHEESE Ratankba
2017-05-25 | Symantec | Security Response
Lazarus: History of mysterious group behind infamous cyber attacks
Lazarus Group
2017-05-25 | Flashpoint | Flashpoint
Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors
WannaCryptor
2017-05-22 | Symantec | Symantec Security Response
WannaCry: Ransomware attacks show strong links to Lazarus group
AlphaNC BravoNC Duuzer Sierra(Alfa,Bravo, ...) WannaCryptor
2017-05-19 | Comae | Matt Suiche
WannaCry — Decrypting files with WanaKiwi + Demos
WannaCryptor
2017-05-19 | Malwarebytes | Adam McNeil
How did the WannaCry ransomworm spread?
WannaCryptor
2017-05-16 | Adrian Nish, Sergei Shevchenko
Wannacryptor Ransomworm
WannaCryptor
2017-05-14 | Comae | Matt Suiche
WannaCry — New Variants Detected!
WannaCryptor
2017-05-13 | MalwareTech | MalwareTech
How to Accidentally Stop a Global Cyber Attack
WannaCryptor
2017-05-12 | The Moscow Times | The Moscow Times
‘WCry’ Virus Reportedly Infects Russian Interior Ministry's Computer Network
WannaCryptor
2017-05-12 | KrebsOnSecurity | Brian Krebs
U.K. Hospitals Hit in Widespread Ransomware Attack
WannaCryptor
2017-05-12 | G Data | G Data
Warning: Massive "WannaCry" Ransomware campaign launched
WannaCryptor
2017-05-12 | Emsisoft | Holger Keller
Global WannaCry ransomware outbreak uses known NSA exploits
WannaCryptor
2017-05-12 | Microsoft | Andrea Lelli, Elia Florio, Karthik Selvaraj, Tanmay Ganacharya
WannaCrypt ransomware worm targets out-of-date systems
WannaCryptor
2017-05-12 | Kaspersky Labs | GReAT
WannaCry ransomware used in widespread attacks all over the world
WannaCryptor
2017-05-12 | Comae | Matt Suiche
WannaCry — The largest ransom-ware infection in History
WannaCryptor
2017-05-12 | Avast | Jakub Křoustek
WannaCry ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far today
WannaCryptor
2017-05-01 | IssueMakersLab | IssueMakersLab
Operation GoldenAxe
Rifdoor
2017-04-07 | Palo Alto Networks Unit 42 | Anthony Kasza, Micah Yates
The Blockbuster Sequel
OpBlockBuster
2017-04-04 | Kaspersky Labs | Kaspersky Lab
Chasing Lazarus: A Hunt for the Infamous Hackers to Prevent Large Bank Robberies
Lazarus Group
2017-04-03 | Kaspersky Labs | GReAT
Lazarus under the Hood
Alreay DYEPACK HOTWAX NESTEGG RatankbaPOS REDSHAWL WORMHOLE Lazarus Group
2017-04-03 | Threatpost | Michael Mimoso
Lazarus APT Spinoff Linked to Banking Hacks
Lazarus Group
2017-02-25 | Financial Security Institute | Kyoung-Ju Kwak (郭炅周)
Silent RIFLE: Response Against Advanced Threat
Ghost RAT
2017-02-20 | BAE Systems | Sergei Shevchenko
Lazarus’ False Flag Malware
HOTWAX NACHOCHEESE
2017-02-16 | ESET Research | Peter Kálnai
Demystifying targeted malware used against Polish banks
BanPolMex RAT HOTWAX NACHOCHEESE
2017-02-12 | Symantec | A L Johnson
Attackers target dozens of global banks with new malware
Joanap Ratankba Sierra(Alfa,Bravo, ...) Lazarus Group
2017-02-12 | BAE Systems | BAE Systems Applied Intelligence
Lazarus & Watering-hole attacks
Ratankba
2017-01-01 | Github (rain-1) | Epivalent, rain1
WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
WannaCryptor
2017-01-01 | FSI | Kay Kwak (Kyoung-Ju Kwak)
Campaign Rifle: Andariel, The Maiden of Anguish
Rifdoor
2016-06-03 | FireEye | Sudeep Singh, Yin Hong Chang
APT Group Sends Spear Phishing Emails to Indian Government Officials
BreachRAT DarkComet Operation C-Major
2016-05-27 | Anomali | Aaron Shelmire
Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks
DYEPACK Sierra(Alfa,Bravo, ...)
2016-05-26 | Symantec | Symantec Security Response
SWIFT attackers’ malware linked to more financial attacks
Contopee DYEPACK Sierra(Alfa,Bravo, ...) Lazarus Group
2016-05-20 | Reuters | Nathan Layne, Tom Bergin
Special Report: Cyber thieves exploit banks' faith in SWIFT transfer network
Lazarus Group
2016-05-16 | Bankinfo Security | Mathew J. Schwartz
Vietnamese Bank Blocks $1 Million SWIFT Heist
Lazarus Group
2016-05-15 | Trend Micro | Martin Roesler
What We Can Learn From the Bangladesh Central Bank Cyber Heist
Lazarus Group
2016-05-13 | BAE Systems | Adrian Nish, Sergei Shevchenko
CYBER HEIST ATTRIBUTION
Sierra(Alfa,Bravo, ...)
2016-04-22 | Cylance | Isaac Palmer
The Ghost Dragon
Ghost RAT
2016-03-07 | Github (xl7dev) | xl7dev
RedHat Hacker.asp
RedHat Hacker WebShell
2016-02-24 | Threatpost | Michael Mimoso
Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group
Lazarus Group
2016-02-01 | Blue Coat Systems Inc | Snorre Fagerland
From Seoul to Sony: The History of the Darkseoul Group and the Sony Intrusion Malware Destover
Joanap Sierra(Alfa,Bravo, ...)
2016-02-01 | Novetta | Novetta
Operation Blockbuster
Lazarus Group
2015-10-26 | Symantec | A L Johnson (Symantec Security Response)
Duuzer back door Trojan targets South Korea to take over computers
Brambul Duuzer Joanap Lazarus Group
2015-09-10 | FireEye | Genwei Jiang, Josiah Kimble
Hangul Word Processor (HWP) Zero-Day: possible ties to North Korean threat actors
HOPLIGHT
2014-12-19 | US-CERT | US-CERT
Alert (TA14-353A): Targeted Destructive Malware
Sierra(Alfa,Bravo, ...)
2014-12-08 | Trend Micro | Trend Micro
The Hack of Sony Pictures: What We Know and What You Need to Know
Lazarus Group
2013-06-26 | Symantec | Symantec Security Response
Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War
Lazarus Group
2013-05-29 | Symantec | Lionel Payet
South Korean Financial Companies Targeted by Castov
Lazarus Group
2013-05-28 | Symantec | Lionel Payet
South Korean Financial Companies Targeted by Castov
Lazarus Group
2013-03-20 | The New York Times | Choe Sang-Hun
Computer Networks in South Korea Are Paralyzed in Cyberattacks
Lazarus Group
2012-10-05 | Malwarebytes | Adam Kujawa
Dark Comet 2: Electric Boogaloo
DarkComet
2012-06-21 | Contagio Dump | Mila Parkour
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army
BlackShades DarkComet Terminator RAT
2012-06-09 | Malwarebytes | Adam Kujawa
You dirty RAT! Part 1: DarkComet
DarkComet
2012-01-01 | Norman ASA | Snorre Fagerland
The many faces of Gh0st Rat
Ghost RAT
2011-06-29 | Symantec | John McDonald
Inside a Back Door Attack
Ghost RAT Dust Storm
2011-03-11 | Symantec | Shunichi Imano
Trojan.Koredos Comes with an Unwelcomed Surprise
Lazarus Group
2009-07-08 | The Guardian | Matthew Weaver
Cyber attackers target South Korea and US
Lazarus Group
2009-03-28 | Infinitum Labs | Information Warfare Monitor
Tracking GhostNet: Investigating a Cyber Espionage Network
Ghost RAT GhostNet

Credits: MISP Project